SaaS Security Engineer

This is a 6 month contract-to-hire and needs to meet Client full-time conversion policies. Those dependent on a work permit sponsor now or anytime in the future (ie H1B, OPT, CPT, etc) do not meet Client requirements for this opening.

**MUST BE HYBRID IN Boston or Springfield, MA or New York, NY

**MUST BE W2; No Corp-to-Corp**

As a SaaS Security Engineer, you will be responsible for securing the organization s SaaS ecosystem. Your primary objective will be to assess, implement, and monitor security controls across SaaS platforms such as Microsoft 365, Salesforce, Workday, ServiceNow, and others. You ll work closely with IT, compliance, DevOps, and business units to ensure proper configurations, data protection, identity integration, and continuous monitoring of SaaS risks.

Key Responsibilities

• Review, assess and secure SaaS applications based on security best practices and benchmarks (e.g., CIS, NIST).
• Integrate SaaS apps with centralized IAM solutions (e.g., SSO/MFA via Okta, Azure AD).
• Monitor configurations, logs, and user activities using SSPM tools (e.g., AppOmni, Obsidian, Valence).
• Participate in SaaS vendor security reviews and due diligence assessments for new and existing services.
• Implement and maintain security controls for access, sharing, and integrations.
• Support and respond to SaaS-related incidents and perform root cause analysis.
• Collaborate with DevOps and application teams to embed SaaS security in CI/CD pipelines.
• Support audit and compliance efforts by ensuring platforms meet security requirements.
• Provide guidance and training to teams on SaaS Security practices and secure usage.

Required Skills

• Experience with SaaS platforms (Microsoft 365, Google Workspace, Salesforce, ServiceNow).
• Strong knowledge of identity and access management (IAM, SSO, MFA).
• Understanding of OAuth, SAML, SCIM, and API security.
• Familiarity with DLP, CASB, and SSPM technologies.
• Experience in configuring SaaS audit logs and performing log analysis.
• Ability to write and maintain security runbooks and hardening checklists.

Preferred Skills

• Experience in automation/scripting (Python, PowerShell).
• Familiarity with MITRE ATT&CK SaaS mappings.
• Exposure to Zero Trust and Secure Access Service Edge (SASE) models.
• Experience with configuration management tools and security compliance frameworks (e.g., SOC 2, ISO 27001).

Relevant Certifications

Required (or highly recommended):

• CompTIA Security+
• Microsoft Certified: Security, Compliance, and Identity Fundamentals
• Okta Certified Professional or Administrator

Preferred:

• GIAC Cloud Security Automation (GCSA)
• CCSP (Certified Cloud Security Professional)
• Certified Information Systems Security Professional (CISSP)

• Bachelor s degree in computer science, Cybersecurity, or related field - or equivalent experience.